<?php 
require_once('Connections/staf.php'); 
include 'authorized.php';
// This is your AJAX page 
// This file name MUST be permohonankursusconfig.php in order for this to work!!
// This file MUST be located in the same directory as the PHP file shown below!
if (isset($_POST['id'])) { 
// Save branch: everything from here down to the "}//end if isset id" line runs
// only when the form posted an `id`; the helper functions below are therefore
// defined only on POST as well (conditional function definitions).
// NOTE(review): a second MySQL link is opened here as `root` with an empty,
// hard-coded password, while Connections/staf.php (required above) presumably
// already supplies a link and $database_staf (used further down) — confirm and
// reuse that one, and keep credentials out of the script.
// NOTE(review): the die() message below includes mysql_error(), which sends
// server/schema details to the browser; log it server-side instead.
// ext/mysql (mysql_*) no longer exists in PHP 7+; this page needs PHP 5.x.
$dbconnect = mysql_connect('localhost', 'root', '') or die("Couldn't connect to 'localhost' " . mysql_error() );
$dbselect = mysql_select_db('kursus_staf', $dbconnect) or die("Trouble selecting the 'kursus_staf'");
if (!function_exists('sql_val')) {
     /**
      * Quote a scalar for direct interpolation into a MySQL statement.
      *
      * Undoes magic-quotes escaping when that ini setting is on, escapes the
      * value for the current default mysql link and wraps it in single quotes.
      *
      * NOTE(review): mysql_real_escape_string() needs an open link; without one
      * it is expected to return false, which concatenates to '' and silently
      * replaces the value with an empty string instead of raising an error.
      * get_magic_quotes_gpc() and the mysql_* functions are gone in PHP 7+/8+.
      *
      * @param mixed $input raw value (typically a $_POST field)
      * @return string single-quoted, escaped SQL literal
      */
     function sql_val( $input ) {
          $value = get_magic_quotes_gpc() ? stripslashes( $input ) : $input;
          $escaped = mysql_real_escape_string( $value );
          return "'" . $escaped . "'";
     }
} //end function not exist
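if ( !function_exists( 'clean' ) ) {
     /**
      * Normalise and escape one form value for use in a MySQL statement.
      *
      * $type mirrors a column definition such as "int(11)" or "varchar(255)":
      * when it carries a "(limit)" the value is truncated to that many *bytes*
      * with substr(), and for "int(limit)" it is additionally cast to int. A type
      * without a limit ("date", "text") is passed through untruncated and
      * unvalidated. Escaping uses mysql_real_escape_string() while a mysql link
      * is alive and otherwise a fixed byte-wise replacement table.
      *
      * NOTE(review): the fallback table is not character-set aware and the
      * byte-wise substr() can split a multibyte UTF-8 character; both only
      * matter for non-ASCII input / when no link is open. "date" values are not
      * validated here — the caller's strtotime() handling is what rejects them.
      *
      * @param mixed  $input   raw value (typically a $_POST field)
      * @param string $type    column-style type, e.g. "int(11)", "varchar(255)", "date"
      * @param string $no_tags any non-empty value strips HTML tags and trims first
      * @return mixed escaped string, or int for "int(limit)" types
      */
     function clean( $input, $type="", $no_tags="" ) {
          if ($no_tags != "") {
               $input = trim(strip_tags($input));
          }
          if ($type != "" && strpos($type, "(") !== false) {
               // "varchar(255)" -> type "varchar", limit 255; the limit is parsed
               // into an int so substr() never receives a string length.
               list($type, $limit) = explode("(", $type, 2);
               $limit = (int) rtrim($limit, ")");
               if ( ($type == "int") && (!is_int($input)) ) {
                    // $_POST values are always strings, so "int(n)" always takes
                    // this branch: truncate, then cast.
                    $input = (int)substr($input, 0, $limit);
               } else {
                    $input = substr($input, 0, $limit);
               }
          }
          if ( get_magic_quotes_gpc() ) {
               $input = stripslashes( $input );
          }
          // mysql_ping() warns when no link is open; the @ keeps that warning out
          // of the AJAX response and routes the value to the offline fallback.
          if ( @mysql_ping() != "" ) {
               $input = mysql_real_escape_string( $input );
          } else {
               $search = array("\x00", "\n", "\r", "\\", "'", "\"", "\x1a");
               $replace = array("\\x00", "\\n", "\\r", "\\\\" ,"\'", "\\\"", "\\x1a");
               $input = str_replace($search, $replace, $input);
          }
          return $input;
     } //end function
} //end function not exist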
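if (!function_exists('reverb')) {
     /**
      * Escape a raw value for display inside HTML.
      *
      * stripslashes() first undoes magic-quotes escaping (kept for the legacy
      * form data this page receives), then the result is HTML-encoded. ENT_QUOTES
      * is passed explicitly so single quotes are encoded regardless of the PHP
      * version's default flags (older versions leave them alone), which keeps
      * the value safe in attribute context as well as element content.
      *
      * @param string $value raw text, e.g. a $_POST field
      * @return string HTML-safe text
      */
     function reverb($value) {
          return htmlspecialchars(stripslashes($value), ENT_QUOTES);
     }
}//end functin not exists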
if (!function_exists('print_x')) {
     /**
      * Debug helper: dump a value with print_r() wrapped in <pre> tags.
      * Writes straight to the response, so only call it while debugging.
      *
      * @param mixed $value anything print_r() accepts
      * @return void
      */
     function print_x($value) {
          $dump = print_r($value, true);
          echo '<pre>' . $dump . '</pre>';
     }
}//end functin not exists
if (isset($_POST['id'])) { 
     // Column-style type handed to clean() for each posted field. `nama` is
     // deliberately not in this table: it is escaped directly, without the
     // truncation clean() would apply.
     $fieldTypes = array(
          'id'                    => 'int(11)',
          'noic'                  => 'varchar(255)',
          'kategori_kursus'       => 'varchar(255)',
          'nama_kursus'           => 'varchar(255)',
          'tempat_kursus'         => 'varchar(255)',
          'anjuran'               => 'varchar(255)',
          'tarikh_mula'           => 'date',
          'tarikh_tamat'          => 'date',
          'bil_hari'              => 'int(11)',
          'tarikh_key_in'         => 'date',
          'disahkan'              => 'text',
          'kumpulan_perkhidmatan' => 'varchar(255)',
     );
     $cleaned = array();
     foreach ($fieldTypes as $field => $type) {
          // a field missing from the request becomes "" (not null)
          $cleaned[$field] = isset($_POST[$field]) ? clean($_POST[$field], $type) : "";
     }
     $id = $cleaned['id'];
     $nama = isset($_POST['nama']) ? mysql_real_escape_string($_POST['nama']) : "";
     $noic = $cleaned['noic'];
     $kategori_kursus = $cleaned['kategori_kursus'];
     $nama_kursus = $cleaned['nama_kursus'];
     $tempat_kursus = $cleaned['tempat_kursus'];
     $anjuran = $cleaned['anjuran'];
     $tarikh_mula = $cleaned['tarikh_mula'];
     $tarikh_tamat = $cleaned['tarikh_tamat'];
     $bil_hari = $cleaned['bil_hari'];
     $tarikh_key_in = $cleaned['tarikh_key_in'];
     $disahkan = $cleaned['disahkan'];
     $kumpulan_perkhidmatan = $cleaned['kumpulan_perkhidmatan'];
}

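// Normalise the three posted dates to MySQL DATE format. strtotime() returns
// false for an empty or unparseable string, and date('Y-m-d', false) would then
// silently store 1970-01-01; reject such input instead of saving it.
$dates = array(
     'tarikh_mula'   => $tarikh_mula,
     'tarikh_tamat'  => $tarikh_tamat,
     'tarikh_key_in' => $tarikh_key_in,
);
foreach ($dates as $field => $raw) {
     $timestamp = strtotime($raw);
     if ($timestamp === false) {
          die('<p class="db_error"><b>Invalid date for <b>' . reverb($field) . '</b>: <b>' . reverb($raw) . '</b></b></p>');
     }
     $dates[$field] = date('Y-m-d', $timestamp);
}
$tarikh_mula = $dates['tarikh_mula'];
$tarikh_tamat = $dates['tarikh_tamat'];
$tarikh_key_in = $dates['tarikh_key_in'];

// Every value is quoted/escaped by sql_val() for the default mysql link.
// NOTE(review): `stafid` is taken from $_POST['id'], while the code after this
// branch identifies the logged-in staff member via $_SESSION['userid']. Unless
// filing on behalf of another staff member is intended, bind stafid to the
// session user so a request cannot save an application under someone else's id.
$query = 'INSERT INTO permohonan_kursus ( 
   `stafid`, 
   `nama`, 
   `noic`, 
   `kategori_kursus`, 
   `nama_kursus`, 
   `tempat_kursus`, 
   `anjuran`, 
   `tarikh_mula`, 
   `tarikh_tamat`, 
   `bil_hari`, 
   `tarikh_key_in`, 
   `disahkan`, 
   `kumpulan_perkhidmatan` 
) VALUES ( 
   '.sql_val($id).', 
   '.sql_val($nama).', 
   '.sql_val($noic).', 
   '.sql_val($kategori_kursus).', 
   '.sql_val($nama_kursus).', 
   '.sql_val($tempat_kursus).', 
   '.sql_val($anjuran).', 
   '.sql_val($tarikh_mula).', 
   '.sql_val($tarikh_tamat).', 
   '.sql_val($bil_hari).', 
   '.sql_val($tarikh_key_in).', 
   '.sql_val($disahkan).', 
   '.sql_val($kumpulan_perkhidmatan).' 
)'; 
/*<!-- NOT in safe mode!! -->*/
$result = mysql_query($query);
if (!$result) {
     // Keep the statement text and the MySQL error server-side: both expose
     // submitted data and schema details that do not belong in the response.
     error_log('permohonan_kursus insert failed: (' . mysql_errno() . ') ' . mysql_error() . ' -- ' . $query);
     die('<p class="db_error"><b>A fatal MySQL error occurred while trying to save <b>'.reverb($_POST['id']).'</b> to the database.</b></p>');
}
$savedName = isset($_POST['nama_kursus']) ? $_POST['nama_kursus'] : '';
$db_message = '<p class="db_success">Successfully saved : <b>'.reverb($savedName).'</b> to the database!!</p>';
//print_x($query);
/*<!-- NOT in safe mode!! -->*/

//
echo $db_message;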

}//end if isset id


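// Look up the logged-in staff member (authorized.php, included at the top, is
// presumably what populates $_SESSION['userid']) and derive their service group.
$userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : '';
mysql_select_db($database_staf);
// The value used to be interpolated into the sprintf() *format* string, which
// skipped escaping and would break on any '%' in it; pass it as an argument.
$queryStaf = sprintf("select nama, noic, gred from maklumat_staf where id = '%s'", mysql_real_escape_string($userid));
$resultStaf = mysql_query($queryStaf);
if (!$resultStaf) {
     // log the driver error server-side instead of echoing it to the browser
     error_log('maklumat_staf lookup failed: (' . mysql_errno() . ') ' . mysql_error());
     die('<p class="db_error">Database error while loading staff details.</p>');
}
$rowStaf = mysql_fetch_assoc($resultStaf);
if (!$rowStaf) {
     // no record for this id: continue with nulls, as the original did, but
     // without the undefined-index notices
     $rowStaf = array('nama' => null, 'noic' => null, 'gred' => null);
}

$nama = $rowStaf['nama'];
$noic = $rowStaf['noic'];
$gred = $rowStaf['gred'];
$_SESSION['gred'] = $gred;
// Drop the first character of the grade code before the lookup — presumably a
// scheme letter in front of the numeric grade; confirm against gred_fkey.gred.
$sgred = substr((string) $gred, 1);
$query_kump_khidmat = sprintf("select kumpulan_perkhidmatan from gred_fkey where gred = '%s'", mysql_real_escape_string($sgred));
$result_kump_khid = mysql_query($query_kump_khidmat);
if (!$result_kump_khid) {
     error_log('gred_fkey lookup failed: (' . mysql_errno() . ') ' . mysql_error());
     die('<p class="db_error">Database error while loading service group.</p>');
}
$row_kump_khidmat = mysql_fetch_assoc($result_kump_khid);
$kumpulan_perkhidmatan = $row_kump_khidmat ? $row_kump_khidmat['kumpulan_perkhidmatan'] : null;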
?>